The present invention relates to an in-vehicle communication system and, more particularly, to a technique applicable to an in-vehicle communication system that uses, for example, public key encryption.
In recent years, with the aim of reducing transportation fatalities, road-to-vehicle and vehicle-to-vehicle communications intended to support safe driving have been studied. “Road-to-vehicle” denotes “between a roadside device and a vehicle”, and “vehicle-to-vehicle” denotes “between a vehicle and a vehicle”. In services that support safe driving, there is a high possibility that a single erroneous message causes a serious accident. It is therefore important to confirm that a message was transmitted from a legitimate roadside device or a legitimate device mounted on a vehicle (in-vehicle device), and that a message transmitted from such a device has not been altered by a malicious person; that is, to assure the authenticity and integrity of the message.
One scheme for assuring the authenticity and integrity of a message is an electronic signature using public key encryption. Public key encryption is a method of performing encryption and decryption with two keys that form a set: a secret key and a public key. The secret key has to be kept secret, whereas the public key may be open. In an electronic signature using public key encryption, the sender therefore encrypts a hash value (message digest) of the message with its secret key to generate a signature, and transmits the signature together with the message. The message receiver obtains the public key of the sender and decrypts the received signature. The signature is verified by checking whether the decrypted value (hash value) equals the hash value generated from the received message.
An electronic signature using public key encryption raises the problem of verifying the validity of the public key. Generally, a certificate authority issues a public key certificate. A public key certificate binds a public key to information about the owner of the public key, and carries a signature. The key used to generate the signature of a certificate is the secret key of the certificate authority. A message receiver obtains the public key certificate of the message sender and the public key of the certificate authority, and verifies the public key certificate and the signature, thereby verifying the validity of the public key. In this case, verifying the validity of the public key of the certificate authority becomes the issue. Consequently, a public key certificate is also issued for the public key of the certificate authority. That certificate carries a signature generated with the secret key of the certificate authority itself. In the case where certificate authorities have a hierarchical structure, a high-order certificate authority issues the public key certificate of a low-order certificate authority.
Therefore, when the signature of a message is verified, the public key certificate of each certificate authority is verified, then the public key certificate of the message sender is verified, and after that the signature of the message is verified. That is, to verify the signature of one message, public key certificate verification and signature verification have to be performed a plurality of times. In verifying a public key certificate, checks are made as to whether the certificate has expired, whether the certificate has been altered (whether verification of the certificate's signature with the public key of the certificate authority succeeds), whether the certificate has been revoked, and the like. For example, if the certificate has expired, or if verification of the signature with the public key of the certificate authority fails, verification of the public key certificate fails.
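The verification sequence described above, as an added example that is not part of the original document: it uses textbook RSA over small constructed keys purely for illustration (no padding, not secure), and the names `Cert`, `issue` and `verify_message`, the certificate fields and the sample hierarchy are assumptions. It returns the result together with the number of verifications one message costs.

```python
import hashlib
from collections import namedtuple

E = 65537  # public exponent shared by every toy key
Cert = namedtuple("Cert", "owner pubkey not_after sig")  # assumed certificate fields

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1 (demo only, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public modulus n, secret d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)         # hash "encrypted" with the secret key

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)  # "decrypt", compare with own hash

def tbs(owner, pubkey, not_after):
    """Bytes of the certificate body that the issuer signs."""
    return f"{owner}|{pubkey}|{not_after}".encode()

def issue(owner, pubkey, not_after, issuer_n, issuer_d):
    body = tbs(owner, pubkey, not_after)
    return Cert(owner, pubkey, not_after, sign(body, issuer_n, issuer_d))

def verify_message(msg, sig, chain, root_n, now, revoked=()):
    """chain runs root CA -> ... -> sender. Returns (ok, verifications performed)."""
    issuer_n, steps = root_n, 0
    for cert in chain:
        steps += 1
        if now > cert.not_after or cert.owner in revoked:
            return False, steps               # expired or revoked
        if not verify(tbs(*cert[:3]), cert.sig, issuer_n):
            return False, steps               # altered, or not signed by the issuer
        issuer_n = cert.pubkey                # this key vouches for the next certificate
    return verify(msg, sig, issuer_n), steps + 1

# Constructed hierarchy: root CA (self-signed) -> low-order CA -> roadside device
ROOT, CA, RSU = keypair(61, 89), keypair(107, 127), keypair(31, 521)
CHAIN = [issue("root", ROOT[0], 2000, *ROOT), issue("ca", CA[0], 2000, *ROOT),
         issue("rsu", RSU[0], 1500, *CA)]
MSG = b"constructed sample: signal ahead is red"
MSG_SIG = sign(MSG, *RSU)
```

With the three-certificate sample chain, one accepted message costs four verifications, which is the overhead the schemes in the cited patent literature try to reduce.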
Verification of a public key certificate and verification of a signature take a relatively long time. On the other hand, services that support safe driving require fast response, so high-speed processing is demanded for public key certificate verification and signature verification. Techniques for shortening the time required for public key certificate verification and signature verification are described in the following patent literature.
In patent literature 1, in road-to-vehicle communication, a public key certificate of a certificate authority that has passed public key certificate verification is stored in the in-vehicle device. While a public key certificate of the same certificate authority continues to be received, verification of the certificate authority's public key certificate is omitted, and the public key certificate of the message sender (a roadside device) and the signature of the message are verified.
In patent literature 2, in vehicle-to-vehicle communication, when a message receiver succeeds in verifying the public key certificate of a message sender, the received public key is stored in a memory together with the reception time and position information. When the same public key is received again, verification of the public key certificate of the message sender is omitted. When, for a stored public key, a predetermined time has elapsed since the reception time, or the present position is far from the stored reception position, the registered information is deleted.
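A sketch of the caching scheme attributed to patent literature 2, added here as an example and not taken from either patent: the class name, the thresholds, planar (x, y) positions in metres and the `verify_cert` callback standing in for full certificate verification are assumptions. The trace it replays is constructed.

```python
import math

class VerifiedKeyCache:
    """Sender public keys whose certificates have already been verified."""
    def __init__(self, max_age_s, max_dist_m):
        self.max_age_s, self.max_dist_m = max_age_s, max_dist_m
        self.entries = {}   # public key -> (reception time, reception position)

    def _stale(self, entry, now, pos):
        t, p = entry
        return now - t > self.max_age_s or math.dist(pos, p) > self.max_dist_m

    def accept(self, pubkey, cert, now, pos, verify_cert):
        """Return (key trusted, full certificate verification ran)."""
        # Delete registered information that is too old or was received too far away.
        self.entries = {k: e for k, e in self.entries.items()
                        if not self._stale(e, now, pos)}
        if pubkey in self.entries:       # same public key seen again: skip the check
            return True, False
        if not verify_cert(pubkey, cert):
            return False, True           # a failed verification is never cached
        self.entries[pubkey] = (now, pos)
        return True, True

def replay_constructed_trace():
    calls = []
    def verify_cert(pubkey, cert):       # stand-in for the expensive chain check
        calls.append(pubkey)
        return cert == "valid"
    cache = VerifiedKeyCache(max_age_s=10, max_dist_m=500)
    # (public key, certificate, time in s, position in m), all constructed
    trace = [("keyA", "valid", 0, (0, 0)), ("keyA", "valid", 3, (100, 0)),
             ("keyB", "forged", 4, (120, 0)), ("keyA", "valid", 5, (900, 0)),
             ("keyA", "valid", 20, (900, 0))]
    results = [cache.accept(k, c, t, p, verify_cert) for k, c, t, p in trace]
    return results, len(calls)
```

The cache is keyed on the received public key itself and only skips certificate verification; the signature of each message still has to be verified with that key.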